Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
823
Views
1
Helpful
3
Replies

remote access VPN ASA 5505

mbraun_saxeed
Level 1
Level 1

‎02-05-2008 04:43 AM - edited ‎02-21-2020 03:32 PM

Hi,

I have configured remote access VPN in my CISCO ASA 5505 SW Version 7.2(2). It's working fine, i get ip address from vpn_pool, can connect to

internal hosts and use services there. But if i connect to external ressources (e.g. internet->website), no connection is set up.

First, ASDM Log shows the error message:

13:11:54 302014 192.168.1.150 209.85.135.104 Teardown TCP connection 147256 for outside:192.168.1.150/2122 to outside:209.85.135.104/80 duration 0:00:00 bytes 0 Flow is a loopback (vpn_user)

After entering "same-security-traffic permit inter-interface" and "same-security-traffic permit intra-interface",

ASDM Log shows now the error message:

13:13:17 302013 192.168.1.150 209.85.135.103 Built inbound TCP connection 147281 for outside:192.168.1.150/2127 (192.168.1.150/2127) to outside:209.85.135.103/80 (209.85.135.103/80) (vpn_user)

13:13:47 302014 192.168.1.150 209.85.135.103 Teardown TCP connection 147281 for outside:192.168.1.150/2127 to outside:209.85.135.103/80 duration 0:00:30 bytes 0 SYN Timeout (vpn_user)

Any ideas how to solve this problem and how to connect to external ressources using remote access VPN (without SplitTunneling)?

Thanks.

Regards,

M.Braun

--

attached ASA Config

Labels:
23415-asa.config
0 Helpful
3 Replies 3

attrgautam
Level 5
Level 5

‎02-05-2008 05:57 AM

Here is a sample configuration of split tunneling

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

And yes, it is a good way of allowing Internet and VPN on the same end host. However, I am still trying to see why your configuration is not working....

0 Helpful

mbraun_saxeed
Level 1
Level 1
In response to attrgautam

‎02-07-2008 02:12 AM

Thank you for the link. I will try it. I hope you will find the error in my config.

Thanks in advance, Braun.

0 Helpful

husycisco
Level 7
Level 7
In response to mbraun_saxeed

‎02-07-2008 04:01 PM

Hi Markus

Do the following modification in your config

access-list split_t permit ip 192.168.1.0 255.255.255.0 192.168.1.128 255.255.255.192

group-policy vpn_1 attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split_t

Keep in mind that using a VPN pool subnet which is covered by your inside interface is a handicap for possible further configurations

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents